Using Salesforce Multi-Factor Authentication to its Full Potential
From February 1, 2022, Salesforce users who log in to Salesforce products through the user interface (this applies to partner solutions, too) are required to use Multi-Factor Authentication. This is done every single time they log in. If you are using Salesforce-managed services, you must be prepared for this.
Online security threats are ever-present. Despite constant efforts to fight cybercrime, the people who commit those crimes double their own efforts to take advantage of others, so threats and risks are continuously evolving. Therefore, security measures like MFA are necessary, and in this post, we’ll tell you why:
What Is MFA?
MFA is a new Salesforce feature that significantly increases the security of user accounts, especially against threats like phishing, credential stuffing, and account theft and takeovers. It offers an extra layer of protection for both employees and customers when they log in. It also addresses the ripple effect that comes with compromised credentials. For instance, someone might be able to steal your username and password, but because they’d be prompted for another factor before they can access the account and your data, their attempt will be unsuccessful.
How It Works
Once MFA is enabled, users need to provide at least two “factors,” or pieces of evidence, that prove that they are indeed the user and account owner. First, users are asked to log in using their username and password. Then they are prompted to complete the verification method. This could be an authenticator app installed on the user’s phone or laptop, or it could be a security key. Email, SMS, and phone calls are not used for MFA verification because they are easily compromised. Text messages and calls can also be intercepted, so they’re not safe.
The Difference Between Passwords, SSO, and MFA
Passwords have always been the primary tool used for verification. Ideally, only you should know your password, but it has long been proven that this verification method is quite vulnerable. Passwords often consist of a combination of words, special characters, and numbers. Users choose their own passwords. Naturally, they want a password that’s familiar to them so it can easily be remembered. Unfortunately, this means such passwords are also easy targets for hackers.
SSO or Single Sign-On
SSO means you need only one set of credentials to access various accounts on different websites. Some of the most common providers of SSO are Google, Microsoft, and Facebook.
MFA can be considered a much deeper verification. It keeps anyone from logging into any platform, whether a website or an app, unless fully verified. Users are required to enter at least two pieces of evidence when they log in to confirm that they really are who they say they are.
Setting Up MFA
Enabling MFA for Users
Before enabling this feature, the verification methods have to be distributed so that users can register properly. Here are the steps for registering using the Salesforce Authenticator app:
1. Install the Salesforce Authenticator app. You can download it from the App Store or Google Play on any mobile device. There are also other authenticator apps that you can try.
2. Enter your username and password on the Salesforce product’s login screen.
3. For products built on the Salesforce Platform, you’ll see the Salesforce Authenticator screen automatically. For B2C Commerce Cloud, Mobile, Journeys, or Marketing Cloud-Email, choose the Salesforce Authenticator tool from the verification methods list.
4. Open Salesforce Authenticator and choose ‘Add an Account,’ and you’ll see a two-word phrase.
5. Enter the phrase in the Two-Word phrase field on the Connect Salesforce Authenticator screen and click ‘Connect.’
6. Verify that the request details are correct in Salesforce Authenticator and then select ‘Connect.’
As with any other new process, transitioning to MFA can be confusing to some. But with the right strategies, everyone will be used to it in no time. Determine which users are required to use MFA. If it’s decided that all users will have to use it, make sure to communicate that change and take the initiative to provide them with resources. Provide proper training for registration and usage if needed, too. If you need a successful implementation of MFA in your company, our expert team at Apphienz is here to help you.